FEATURE
combinations, making brute-force attacks on long passwords far harder for hackers to crack. But increasingly the complexity of a password also makes it much harder for people to remember, which is why password123456 is still the most popular password today.

Rather than advising users to create random strings of alphanumeric passwords, we should be recommending the use of passphrases. These will still be lengthy, but made up of real words, so easier to remember. It might seem simple, but the truth is, if a password takes too long to crack, hackers will simply move on to the next batch.

Static passwords simply cannot provide effective corporate protection. In 2016, the Bitglass security team leaked a fake profile onto the Dark Web to show just how quickly phished credentials can spread. Within a month, the fake employee's credentials had been viewed over 1,400 times and there were multiple successful login attempts into the phished account.
The number of large-scale data breaches and the fact that users regularly re-use passwords is a real issue for businesses today. Therefore, enterprises must follow best practices in authenticating users, starting with a proactive approach to identifying suspicious logins. Dynamic identity management solutions that can detect potential intrusions, require multi-factor authentication and integrate with existing systems for managing user access can be much more effective than basic password protection. For example, if a system records an employee logging into a cloud application from a host of different countries, it can alert IT security teams of suspicious behaviour and they can lock that account, preventing a possible breach.
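The "many countries in a short time" check described above, written out as an added illustration (this is not code from the article or from any vendor product it mentions): login events are grouped per user, a sliding time window is slid over them, and any account seen from more than the allowed number of distinct countries inside one window is flagged. The log records and the `lock_account` callback are constructed assumptions for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login log (not real data): user, UTC timestamp, source country.
SAMPLE_LOGINS = [
    ("alice", "2024-03-01T08:00:00", "GB"),
    ("alice", "2024-03-01T09:30:00", "GB"),
    ("bob",   "2024-03-01T08:05:00", "GB"),
    ("bob",   "2024-03-01T08:40:00", "BR"),
    ("bob",   "2024-03-01T09:10:00", "RU"),
    ("carol", "2024-03-01T10:00:00", "DE"),
    ("carol", "2024-03-03T10:00:00", "US"),  # genuine travel, two days apart
]

def parse(record):
    user, ts, country = record
    return user, datetime.fromisoformat(ts), country

def multi_country_logins(records, window=timedelta(hours=24), max_countries=1):
    """Return {user: sorted countries} for every user who logged in from more
    than max_countries distinct countries within any sliding `window`."""
    by_user = defaultdict(list)
    for user, ts, country in map(parse, records):
        by_user[user].append((ts, country))
    flagged = defaultdict(set)
    for user, events in by_user.items():
        events.sort()  # chronological order so the window can slide forward
        start = 0
        for end in range(len(events)):
            # shrink the window from the left until events[start..end] fit inside it
            while events[end][0] - events[start][0] > window:
                start += 1
            countries = {c for _, c in events[start:end + 1]}
            if len(countries) > max_countries:
                flagged[user].update(countries)
    return {user: sorted(cs) for user, cs in flagged.items()}

def respond(alerts, lock_account):
    """Lock each flagged account through a caller-supplied hook (hypothetical
    integration point for the identity management system). Returns who was locked."""
    locked = []
    for user in sorted(alerts):
        lock_account(user)
        locked.append(user)
    return locked

if __name__ == "__main__":
    alerts = multi_country_logins(SAMPLE_LOGINS)
    print(alerts, respond(alerts, lambda u: print(f"locking {u}")))
```

Widening the window (for example to three days) makes carol's real trip look suspicious too, which is why the threshold and window need tuning against normal travel patterns before any automatic lock-out.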
TIM BANDOS, SENIOR CYBERSECURITY DIRECTOR AT DIGITAL GUARDIAN
Companies have a responsibility to keep data secure and a big part of that responsibility is stamping out employees' bad password habits. This starts with educating staff about what makes a really good password and giving them advice about how to keep their accounts secure, by using unique passwords across all accounts and regularly changing them. This includes encouraging employees to use completely different passwords for their personal and professional accounts.

To strengthen security, CISOs can instil policies for password creation among their users, as well as enabling two-factor authentication for an additional layer of security. These policies may include a minimum of 10-15 characters and a requirement of a mixture of numbers and special characters. Leveraging tools like password managers (Dashlane, LastPass) can also aid in developing extremely complex credentials that don't require the end user to remember every single one. These tools can auto-populate password field boxes with your passwords in a secure manner.
Ultimately, however, with the number of login dumps in recent years, password security will never be 100% secure. It's inevitable that hackers will at some point breach a company's network, so the focus must shift to preventing hackers from exfiltrating sensitive data. Deploying data-centric security technology can remove the risk factor associated with these threats because even if someone has access to the data, they are prevented from copying, moving or deleting it without approval.
Issue 11 | www.intelligentciso.com